​Michaels investigating possible breach of credit card data

The biggest home decor and crafts retailer in the US, Michaels Companies Inc, has warned customers that their credit cards could be compromised in a possible data theft that is currently under investigation.

The security breach on the Michaels card payment system has not
yet been confirmed. The company initiated the probe when it came
to their notice that some of its clients, who had paid for
purchases with credit cards, later reported fraudulent activity
on their accounts.

"We are concerned there may have been a data security attack
on Michaels that may have affected our customers' payment card
information," Michaels Chief Executive Chuck Rubin said in a
statement emailed on Saturday to news outlets. "We are taking
aggressive action to determine the nature and scope of the
issue."

The statement also says that the Texas-based company is working
closely with federal law enforcement, as well as data security
experts, to establish whether the store’s payment system was
compromised. The US Secret Service has confirmed it is
investigating the matter.

Meanwhile, clients have been recommended to check their payment
card account statements for unauthorized charges.
If confirmed, the data breach at Michaels would be the second
since 2011, when about 94,000 payment card numbers were stolen.

This time the possible breach comes at a sensitive time, when the
company is preparing for its initial public offering.

"This is devastating for them because this is the second time
in a row," said Gartner security analyst, Avivah Litan,
cited by Reuters. "The public and the credit card companies
are going to slap their wrist twice as hard because they'll say
they haven't learned their lesson and that they can't be
trusted."

What alleviates the blow somewhat for Michaels is that it’s
actually the third major retailer to have recently announced an
investigation into data breaches.

Earlier in January, Dallas-based Neiman Marcus, which caters to
upper-income bracket shoppers, revealed 1.1 million of its
clients credit and debit cards may have been compromised
in last year’s spate of data thefts. The breach reportedly
occurred through malicious software that collected payment card
information from July 16 to October 30.

In December, Target Corp revealed that hackers stole
sensitive data from their customers as part of a pre-Christmas
data breach, which happened between November 27 and December 15.
It was initially believed that 40 million credit and debit cards
had been affected. The estimate was later corrected to 110
million.

Law enforcement officials and several cybersecurity experts have
warned that still more attacks on retailers could yet be in
store.